-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hi Petersen,
Petersen wrote: | http://www.spinics.net/lists/crypto/msg02628.html states that loop-aes | 2.0f can't use multi-key encryption without using gpg-key also. | | I use the latest, loop-AES-v3.0a (README of November 27 2004 ), but only | swap-encryption reports multi-key-v3, losetup -a reports 'AES256' only | for drives created with | | losetup -e AES256 -itercountk=300 .... | | - so no multi-key-v3. Am I sitting on a timebomp (as Jari puts it), or | does multi-key-v3 only appear with gpg-keys?
The latest loop-aes, will do multi-key if the keys are piped to it via -p0. You will need to ensure exactly 65 keys in the format generated via the commands in the loop-AES.readme. See section 2.6.
http://loop-aes.sourceforge.net/loop-AES.README
| | I didn't build (with) gpg because I want to have a change of recreating | my data in case of loss of gpg-key. Could that be why 'make tests' | fails? For the same reason I don't use password seed; it is also | difficult to figure out how to do it, from reading the README.
You can use symmetric gpg support, then no public keys are used to encrypt the ~ stored keys. You could also use openssl and pam_mount, although I have not done this in a while. http://www.flyn.org/projects/pam_mount/
| Is the security level of my setup (AES256, no gpg, no seed, | itercountk=300) to weak to bother?
Choose a strong password of known entropy - such as a 10 word diceware passphrase with some extra tidbit thrown in. Your security is as good as the passphrase and should deter most adversaries. See diceware.com for details. It still won't protect from a watermark attack AFAIK. | | Could you explain how the watermark attack work?
Someone better qualified should do this, but here is some reading material.
http://mareichelt.de/pub/texts.cryptoloop.php
Cheers!
- ---Venkat.
- ------------------------------------------------------------------------- Venkat Manakkal Tel:+1-607-546-7300 Fax: 1-607-546-7387 venkat@xxxxxxxxxxxxxx http://www.rayservers.com/ rayservers@xxxxxxxxxxxx Computers. Installed Secure. Wholesale Prices.
PGP/GPG Key: https://www.rayservers.com/keys/0x12430522.asc Get Windows Privacy Tools for free: http://winpt.sf.net/ - ------------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFB49UFWdkW/RJDBSIRAo1JAKCKwEK04mZHeLkSh2jt1CRc67h2qQCeMYpG Y2OaUhPiP33NgGXcKuNxydA= =aixp -----END PGP SIGNATURE-----
- Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
